Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-30995

WICD does not use 'ExecutionPolicy Bypass' when running powershell commands

XMLWordPrintable

    • No
    • 3
    • WINC - Sprint 257
    • 1
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, when configuring a Windows VM on which the default Powershell execution policy was set to `Restricted`, the WMCO was unable to execute the necessary commands As a consequence, the Windows node would not be properly configured. With this fix, the WMCO bypasses the execution policy when running Powershell commands on a Windows VM. (link:https://issues.redhat.com/browse/OCPBUGS-30995[*OCPBUGS-30995])
      Show
      * Previously, when configuring a Windows VM on which the default Powershell execution policy was set to `Restricted`, the WMCO was unable to execute the necessary commands As a consequence, the Windows node would not be properly configured. With this fix, the WMCO bypasses the execution policy when running Powershell commands on a Windows VM. (link: https://issues.redhat.com/browse/OCPBUGS-30995 [* OCPBUGS-30995 ])
    • Bug Fix
    • Done

      Description of problem:

      There is a discrepency in how [WMCO runs powershell commands|https://github.com/openshift/windows-machine-config-operator/blob/7a814dc7360430226e82957795342d405b1f81ca/pkg/windows/windows.go#L1021], and how [WICD runs them|https://github.com/openshift/windows-machine-config-operator/blob/7a814dc7360430226e82957795342d405b1f81ca/pkg/daemon/powershell/powershell.go#L18]. WMCO explicity sets ExecutionPolicy Bypass, while WICD uses the default on the Windows VM.

      Version-Release number of selected component (if applicable):

      4.16

      How reproducible:

      Unknown

      Steps to Reproduce:

          1. On a BYOH node set the execution policy to restricted by running: `Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy Restricted`
    2. Attempt to configure the Node with WMCO

      Actual results:

      Node is not properly configured:
Error message in WICD log:

    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess
: exit status 1
E0509 15:57:30.691935     656 controller.go:247] could not resolve PowerShell variable ENDPOINT_IP: error running command with output C:\Temp\network-conf.ps1 : File C:\Temp\network-conf.ps1 cannot be loaded. The file C:\Temp\network-conf.ps1 is not
digitally signed. You cannot run this script on the current system. For more information about running scripts and
setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ C:\Temp\network-conf.ps1
+ ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess
: exit status 1

      Expected results:

      Node joins the cluster as expected

      Additional info:

              rh-ee-ssoto Sebastian Soto
              rh-ee-ssoto Sebastian Soto
              Aharon Rasouli Aharon Rasouli
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: